Slide 1: OPERATIONALIZING THREAT INTELLIGENCE
USING ACTIONABLE THREAT INTELLIGENCE TO FOCUS SECURITY OPERATIONS
Adam Meyers, Vice President Intelligence; CrowdStrike
Elia Zaitsev, Sales Engineer; CrowdStrike
Slide 2: TODAY’S SPEAKERS
2014 CrowdStrike, Inc. All rights reserved.
@CROWDSTRIKE | #CROWDCASTS

ADAM MEYERS | VP, INTELLIGENCE
- Recognized speaker, trainer, and intelligence expert with 15+ years of cyber security industry experience
- 10 years in the DIB supporting US GOV customers on topics ranging from wireless, pen testing, IR, and malware analysis
- @ADAM_CYBER
Slide 3: ELIA ZAITSEV | SALES ENGINEER
- 7+ years of IT security industry experience providing sales support and technical implementation of enterprise security products
- Currently supports sales of CrowdStrike’s Falcon Platform, including endpoint threat detection & response, endpoint activity monitoring, and threat intelligence
- #TWITTERHATER
Slide 4: IN THE NEWS
Slide 5: RELEASE OF PUBLIC INDICATORS AND INTELLIGENCE
- Operation Aurora
- APT 1
- Babar
- Uroburos
Slide 6: ACTIONABLE INTELLIGENCE
WHAT DO YOU DO WITH INDICATORS?
- Enterprise security systems have basic configurations out of the box
- Detection needs to be updated at line speed
- No standard taxonomy to express threat intelligence

Slide 7: How do you OPERATIONALIZE?
Slide 8: UNCOVER THE ADVERSARY

CHINA
- Comment Panda: Commercial, Government, Non-profit
- Deep Panda: Financial, Technology, Non-profit
- Foxy Panda: Technology & Communications
- Anchor Panda: Government organizations, Defense & Aerospace, Industrial Engineering, NGOs
- Impersonating Panda: Financial Sector
- Karma Panda: Dissident groups
- Keyhole Panda: Electronics & Communications
- Poisonous Panda: Energy Technology, G20, NGOs, Dissident Groups
- Putter Panda: Governmental & Military
- Toxic Panda: Dissident Groups
- Union Panda: Industrial companies
- Vixen Panda: Government

INDIA
- Viceroy Tiger: Government, Legal, Financial, Media, Telecom

RUSSIA
- Energetic Bear: Oil and Gas Companies

NORTH KOREA
- Silent Chollima: Government, Military, Financial

IRAN
- Magic Kitten: Dissidents
- Cutting Kitten: Energy Companies

CRIMINAL
- Singing Spider: Commercial, Financial
- Union Spider: Manufacturing
- Andromeda Spider: Numerous

HACKTIVIST/TERRORIST
- Deadeye Jackal: Commercial, Financial, Media, Social Networking
- Ghost Jackal: Commercial, Energy, Financial
- Corsair Jackal: Commercial, Technology, Financial, Energy
- Extreme Jackal: Military, Government
Slide 9: GET TO KNOW THE ADVERSARY
- Don’t fear change
  Not all behaviors change; good intel and pattern analysis can identify the new TTPs
- Consume and operationalize threat intelligence quickly
  Threat intelligence is of no help after an incident, or when consumed from a public release long after the campaign finished
Slide 10: INDICATIONS AND WARNINGS: Q1 ZERO DAY
- 17 JAN 2014: Spoofed GIFAS drive-by sites lead to CVE-2014-0322 exploit
- 3 FEB 2014: CVE-2014-0497 exploit used to distribute Tapaoux malware
- 11 FEB 2014: AURORA PANDA uses VFW website in SWC activity; leverages CVE-2014-0322
- 14 FEB 2014: SWC campaign affecting NGO/think tank sites leverages CVE-2014-0502
- 24 MAR 2014: Microsoft identifies CVE-2014-1761 and its limited use in targeted attacks
Slide 11: CASE STUDY: CHINA TARGETING THE OIL SECTOR
STRATEGIC ASSESSMENT OF CHINA’S ENERGY SECTOR, STATE CONTROL & NATIONAL AGENDA, AND CHINA’S DOMESTIC OIL SECTOR
Slide 12: ENERGY SECTOR TARGETING
- CHINA: Goblin Panda, Wet Panda, Vixen Panda, Violin Panda, Temper Panda, Poisonous Panda, Comment Panda, Anchor Panda
- INDIA: Viceroy Tiger
- RUSSIA: Energetic Bear
- IRAN: Clever Kitten, Flying Kitten
- ACTIVIST: Corsair Jackal, Ghost Jackal
Slide 13: CHINA’S ENERGY SECTOR
- Second-largest oil consuming country in the world
- Largest oil importer in the world
- Investing in international oil assets
- Declining domestic oil output
- Reinvestment in China’s domestic oil sector
Slide 14: CHINA’S ENERGY SECTOR: Total Energy Consumption
[Pie chart; recoverable labels: Hydroelectric Power 6%, Natural Gas 4%, Nuclear <1%, Other Renewables 1%]
Slide 15: STATE CONTROL & NATIONAL AGENDA
- 383 Plan
- 863 Plan
- Indigenous Innovation
- Top Five National Oil Companies: CNPC/PetroChina, Sinopec, CNOOC, Sinochem Group, Zhuhai Zhen Rong Co.
Slide 16: DOMESTIC OIL SECTOR
From PRESENT DAY to FUTURE:
- Mature Oil Basins
- Drilling in the Western Provinces
- Offshore Shallow-Water Drilling
- Deep-Water Drilling
- East and South China Seas
- Territorial Disputes
Slide 17: TECHNOLOGICAL DEFICIENCIES
- Exploration Technologies: 3D and 4D seismic imaging
- Oil Spill Prevention Technologies: 2010 and 2011 oil spills in Bohai Bay
- Deep-Water Oil Drilling Technologies: 300-3,000 meters deep
- Resulting Cyber Espionage
Slide 18: INTELLIGENCE ASSESSMENT

CHINA’S MOTIVATIONS
- Looming energy crisis
- Declining domestic oil supply
- Patent development is slow
- Technological deficiencies

TARGETS
- Exploration technology: 3D and 4D seismic
- Oil spill prevention technology
- Deep-water oil drilling technology

ASSESSMENT
- Increasing cyber espionage
- Increasing Chinese military presence in the East and South China Seas
- Increasing corporate espionage to outbid others for international oil assets
Slide 19: ORGANIZATIONS WITH SUPERIOR INTELLIGENCE CAPABILITIES ARE FAR MORE SUCCESSFUL AT MITIGATING TARGETED ATTACKS
Slide 20: INCREASED SHARING OF INDICATORS AND INTELLIGENCE
- Organizations have access to far more information than they have ever had before:
  - OSINT and managed intel threat feeds
  - Whitepapers
  - Malware dumps like VirusTotal, Contagio, and VirusShare
  - Presentations by researchers
- The private sector is now capable of building government-level intel capabilities
Slide 21: AN ORGANIZATION’S SUCCESS WILL BE MEASURED BY THE ABILITY TO DETECT, RESPOND, AND MITIGATE THESE PATTERNS OF ATTACK
Slide 22: DEMOS
- DATA VISUALIZATION
- PACKET CAPTURE
- LOG AGGREGATION / SIEM
- THREAT INTELLIGENCE
Slide 23: Q&A
For additional information, please contact crowdcasts@crowdstrike.com or intel@crowdstrike.com
CrowdCast Monthly: Operationalizing Intelligence